package com.yue.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@RequestMapping("/admin")
public class AdminController {

    /**
     * Returns a text body that depends on whether the current Shiro subject holds the
     * {@code admin} role.
     *
     * <p>The authorization decision is made programmatically inside this handler. It can
     * also be expressed declaratively with Shiro annotations on the method:
     * {@code @RequiresRoles(value={"admin","user"})} checks roles (the subject must hold
     * both admin and user), and {@code @RequiresPermissions("user:update:01")} checks a
     * permission string.
     *
     * @return the admin-only text when the subject has the {@code admin} role, otherwise
     *         the "no permission" text
     */
    @ResponseBody
    @RequestMapping("/text")
    public String adminText(){
        final Subject currentUser = SecurityUtils.getSubject();
        // Permission-based alternative: currentUser.isPermitted("user:update:01")
        // reports whether the subject may operate on that resource.
        final boolean isAdmin = currentUser.hasRole("admin"); // does the subject's role set include admin?
        if (!isAdmin) {
            // NOTE(review): the denial is returned as an ordinary response body, not as an
            // exception or error status, so callers and access logs presumably cannot tell
            // it apart from a successful request by status alone. Confirm this is intended.
            return "无权查看！！！！";
        }
        // NOTE(review): this in-method check is the only authorization visible in this class;
        // whether a Shiro URL filter also guards /admin cannot be seen from here.
        return "拥有admin的role才可以看到这段内容";
    }

}
